Book demo

The essentials at a glance

The three things that matter most in a WMS evaluation: is my data isolated, will it stay up, and will it connect to what we already run.

 

Isolation One dedicated Azure SQL database per tenant. No shared data plane — one tenant's credentials cannot access another's.
Encryption
TLS 1.3 in transit on all connections. Azure SQL TDE at rest with Azure Key Vault-managed keys.
Failover RTO ~5–25 min (failover). ~60–90 min (full environment rebuild from Terraform). Measured, not estimated.
 RPO     Near-zero. Continuous transaction-log replication with point-in-time restore to any second, up to 30 days.
Authentication SSO via customer-managed identity integration, including Entra ID.
Certifications GDPR DPA in place. Azure infrastructure: ISO 27001 and SOC 2 (Microsoft-maintained). Bitlog ISO 27001 planned 2026.

Need the full picture? The complete Security, Resilience and Operations Brief, including the risk matrix, incident summaries, and restore test records is available on request. Request the brief by contacting us→

Firefly_Gemini Flash_Låt den animerade figuren hålla fram ett gammalt modem från 90-talet. Figuren ska se 766177 - Edited

True SaaS with per-tenant data isolation

Bitlog runs entirely on Microsoft Azure with a private Kubernetes cluster at the compute layer and a dedicated Azure SQL database per tenant at the data layer. There is no shared table, no shared schema, and no path by which one tenant's data can reach another.

In the event of a confirmed compromise, Bitlog does not restore, it destroys and rebuilds the environment from infrastructure-as-code in a clean state. No servers to manage on your side, no patching cycles, no infrastructure budget beyond the subscription.

Firefly_Låt den animerade figuren i 3D (referensbilden) flyga upp i luften med ena armen lyft 595077 - Edited

Security and compliance

All data uses TLS 1.3 in transit and Azure SQL Transparent Data Encryption at rest. Public endpoints sit behind Cloudflare WAF with full DDoS protection, backed by Azure Traffic Manager failover, a path that was exercised during the Cloudflare global outage in November 2025.

A GDPR DPA is in place with all tenants. Azure infrastructure holds ISO 27001 and SOC 2 via Microsoft. Bitlog's own ISO 27001 certification is planned for 2026. The full security brief, ISMS, and risk matrix are available under NDA.

We know what your week looks like.

Before we talk about software, let's talk about your Thursday afternoon:

Two pickers called in sick and the rest are covering while orders pile up.
Someone picked the wrong SKU again and the customer is already emailing.
Your new seasonal staff need two days of training before they are useful.
Management wants a throughput report and you are still working off spreadsheets.
Your ERP says 40 units in stock. The shelves say otherwise.

Availability and recovery. Measured, not estimated

The RTO and RPO figures on this page come from real measurements across eleven tracked incidents, not architecture estimates. Mean resolution time for SLA-impacting incidents was approximately 30 minutes. Full incident summaries are available under NDA.

Failover scenario

If the primary cluster becomes unavailable, Azure Traffic Manager re-routes traffic to the secondary endpoint within DNS TTL (up to 10 minutes). Total end-to-end RTO: approximately 5 to 25 minutes.

Full rebuild scenario

In a catastrophic loss or confirmed compromise, the environment is destroyed and re-provisioned from Terraform and verified source code. Total end-to-end RTO: approximately 60 to 90 minutes.

Recovery point

Azure SQL runs continuous transaction-log replication, not scheduled backups. Point-in-time restore is available to any second within 30 days. RPO is near-zero.

Updated-1

Tillgänglig för iOS och Android

Välj fritt, blanda om du vill, mellan de olika operativsystemen.

app-store-black

 

   google-play-black

 

 

Apohem increased picking speed with .+240%. in four months

apohem-swirl-therese-mella

"Bitlog understands our business and we always develop new functionality together." 
Therese Mella, Apohem
Read the customer case
connection-api

It connects to the system you already run

Bitlog is built API-first. Pre-built connectors cover Microsoft Business Central, Visma Business, and Visma Net. Purpose-built connectors handle Autostore via Element Logic, Kardex, and conveyor systems. ERP API credentials are stored encrypted per tenant in Azure App Configuration, backed by Azure Key Vault, and can be individually invalidated without affecting other tenants.
A full connector list is available on the integrations page. For bespoke integration requirements, Bitlog's API-first architecture means custom connections can be built against a documented, stable API surface. All integrations →

FAQ – Common questions from a CTO or CIO

How is our data kept separate from other customers?
Every customer has their own dedicated Azure SQL database with database-contained users unique to that tenant. A credential from one database cannot authenticate against another, and no shared table or schema exists across tenants. Databases are accessed via private endpoints from within the Kubernetes cluster, no tenant database is reachable from the public internet. Backups are also per-tenant, geo-redundant, and completely independent.
What happens if Bitlog goes down during our peak season?

Bitlog's architecture is designed to absorb failures without service interruption. AKS runs a minimum of three pods per service with autoscaling and health checks, so a single node failure does not affect availability. If the primary cluster becomes unavailable, Azure Traffic Manager re-routes traffic to a secondary endpoint within approximately 10 minutes. In a worst-case full rebuild, the environment is re-provisioned from infrastructure-as-code in 60 to 90 minutes. These are measured figures, not estimates.

How does Bitlog connect to our ERP and existing systems?

Bitlog is built API-first, so integration is by design rather than by exception. Pre-built connectors cover Microsoft Business Central, Visma Business, and Visma Net, no custom API development required on your side. ERP credentials are stored encrypted per tenant in Azure App Configuration, backed by Azure Key Vault, and can be individually invalidated without affecting any other tenant. For systems outside the pre-built connector list, Bitlog's open API surface supports custom integrations.

Who is responsible for security — Bitlog or us?

Responsibility is clearly split. Bitlog owns the infrastructure, application code, tenant databases, OS patching, and container security. You own your end-user accounts and offboarding, the content and quality of your tenant data, integration credentials on your side, and the host machines running any optional on-prem print clients. Bitlog provides the mechanisms and controls, you operate them for your own users. A full shared responsibility matrix is available in the Security, Resilience and Operations Brief.

Want to go deeper on the technical setup?

Book a session with Bitlog's technical team. They can walk through the integration architecture, answer questions on security and compliance, and confirm what implementation looks like for your specific stack.

Others involved in this decision?

Here's what the rest of the team will want to see.
For your Warehouse Manager
Operations, picking, and daily control

The operational case for Bitlog, with concrete numbers from real customers.

Warehouse manager page
For your CFO
The business case and payback time

Bitlog typically pays for itself within 2 to 4 months through picking efficiency gains and shipping cost savings. If your CFO wants numbers, this page has them, including a breakdown of where the savings come from.

CFO page
For your CEO
What this means for the business

Faster order fulfillment, fewer customer complaints, lower freight costs, and a warehouse that can scale without hiring proportionally. This page connects the operational gains to business outcomes.

CEO page